John Crumpton » security http://www.johncrumpton.com Tue, 11 May 2010 20:57:50 +0000 http://wordpress.org/?v=abc en hourly 1 Website security checklist http://www.johncrumpton.com/website-security-checklist/ http://www.johncrumpton.com/website-security-checklist/#comments Fri, 29 May 2009 11:07:56 +0000 John http://www.johncrumpton.com/?p=93 A quick security checklist for your website, whether you’re running Joomla, Zencart or a bespoke content management system.

  1. Choose a complicated password, at least 10 characters alpha-numeric including letters, numbers and upper-and-lower-case. Use Goodpassword.com to generate it
  2. Create a new login for each person that needs to administer the site and don’t share login details. That way you have an audit trail to track down the source of the compromise
  3. Use encrypted connections for accessing server files, such as FileZilla which supports SFTP or WinSCP
  4. Create a administrator user account with unique name and delete your administrator user
  5. Rename your administrator or admin folder to something unique and include numbers in the name
  6. Once your content management system is configured, change the configure.php file to chmod 444 (read only)
  7. On folders you’d like to protect from being accessed, for example the images folder, use a .htaccess to stop browsing with the following code: 
    Options -Indexes
  8. Keep all files CHMOD 644. If you need to edit the files, set to read-write before making changes.
  9. Keep all folders CHMOD 755
  10. Stay up-to-date with the latest software and patches for your CMS
  11. Check log files for suspicious activity regularly
  12. Remove unneeded templates
  13. Backup regularly
]]> http://www.johncrumpton.com/website-security-checklist/feed/ 0